feat: 短信接入极光真实发送 + 新增运营 admin 后台子应用
短信(SMS_MOCK 切 mock/real): - integrations/sms.py 重写: real 模式走极光短信 REST /v1/messages 自定义验证码(本服务 secrets 生成 6 位码 + 进程内存 + 本地校验一次性/防爆破), 鉴权复用极光一键登录 JG_APP_KEY/MASTER_SECRET (同一极光应用, 上线只需 SMS_MOCK=false); mock 仍"任意6位通过"不动其余测试 - 防刷四层: 单号冷却 + 单号每日上限 + 单IP rate_limit(/sms/send 10/min、/sms/login 20/min) + 单码失败次数作废; SmsError 带 status_code 映射 429/503/400 - config 增 SMS_SEND_ENDPOINT/SIGN_ID/TEMPLATE_ID/CODE_LENGTH/DAILY_LIMIT/MAX_VERIFY_ATTEMPTS; test_auth 加 real 模式单测; sms.md/后端技术实现/待办账本同步 admin 后台(app/admin/ 独立子应用, uvicorn app.admin.main:admin_app :8771): - 复用主仓 models/repositories/integrations + 同库, 鉴权完全隔离(ADMIN_JWT_SECRET≠JWT_SECRET_KEY + payload typ=admin + bcrypt 密码 + 可选 IP 白名单); 主 app 不 import 本包, admin 崩不影响主进程 - 路由: 登录 / 账号管理(RBAC: super_admin·finance·operator) / 用户列表+360详情+封禁+手动调币 / 钱包流水 / 提现重试对账 / 反馈工单 / 数据大盘; 全写操作落 admin_audit_log(涉钱与业务写同事务) - 涉钱逻辑(调微信/退款/对账)复用 app.repositories.wallet 不重写 - 新增 models/admin.py(AdminUser/AdminAuditLog) + admin_tables 迁移 + create_admin.py + deploy/shaguabijia-admin.service; 依赖加 bcrypt Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,58 @@
|
||||
"""创建 / 重置一个 admin 后台账号。
|
||||
|
||||
用法(在项目根、已 pip install -e . 的环境里跑):
|
||||
python scripts/create_admin.py --username admin --role super_admin
|
||||
不传 --password → 自动生成强随机密码,打印一次,务必当场保存
|
||||
python scripts/create_admin.py --username ops --role operator --password 'xxx'
|
||||
|
||||
幂等:username 已存在则重置其密码 + 角色 + 置为 active(忘记密码时用它重置)。
|
||||
角色:super_admin(全权+管账号)/ finance(钱)/ operator(用户+反馈+大盘)。
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import argparse
|
||||
import secrets
|
||||
|
||||
from app.admin.repositories import admin_user as admin_repo
|
||||
from app.core.security import hash_password
|
||||
from app.db.session import SessionLocal
|
||||
|
||||
_ROLES = ("super_admin", "finance", "operator")
|
||||
|
||||
|
||||
def main() -> None:
|
||||
parser = argparse.ArgumentParser(description="创建或重置 admin 账号")
|
||||
parser.add_argument("--username", required=True)
|
||||
parser.add_argument("--role", default="super_admin", choices=_ROLES)
|
||||
parser.add_argument("--password", default=None, help="不传则自动生成强随机密码")
|
||||
args = parser.parse_args()
|
||||
|
||||
password = args.password or secrets.token_urlsafe(16)
|
||||
generated = args.password is None
|
||||
|
||||
db = SessionLocal()
|
||||
try:
|
||||
existing = admin_repo.get_by_username(db, args.username)
|
||||
if existing is None:
|
||||
admin = admin_repo.create_admin(
|
||||
db, username=args.username, password=password, role=args.role
|
||||
)
|
||||
action = "创建"
|
||||
else:
|
||||
existing.password_hash = hash_password(password)
|
||||
existing.role = args.role
|
||||
existing.status = "active"
|
||||
db.commit()
|
||||
db.refresh(existing)
|
||||
admin = existing
|
||||
action = "重置"
|
||||
finally:
|
||||
db.close()
|
||||
|
||||
print(f"✅ 已{action} admin: id={admin.id} username={admin.username} role={admin.role}")
|
||||
if generated:
|
||||
print(f"🔑 自动生成的密码(只显示这一次,请立即保存):\n {password}")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user